Packages changed: MicroOS-release (20250512 -> 20250513) grub2 kernel-source (6.14.5 -> 6.14.6) less (668 -> 676) ncurses (6.5.20250503 -> 6.5.20250510) podman python-cryptography (44.0.2 -> 44.0.3) python-greenlet (3.2.1 -> 3.2.2) python-maturin (1.8.3 -> 1.8.6) python313 python313-core rebootmgr (3.2+git20250317.27192cc -> 3.3+git20250512.b6e4e84) === Details === ==== MicroOS-release ==== Version update (20250512 -> 20250513) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== grub2 ==== Subpackages: grub2-common grub2-i386-efi grub2-i386-efi-bls grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-efi-bls - Fix CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971) * 0001-kern-rescue_reader-Block-the-rescue-mode-until-the-C.patch * 0002-commands-search-Introduce-the-cryptodisk-only-argume.patch * 0003-disk-diskfilter-Introduce-the-cryptocheck-command.patch * 0004-commands-search-Add-the-diskfilter-support.patch * 0005-docs-Document-available-crypto-disks-checks.patch * 0006-disk-cryptodisk-Add-the-erase-secrets-function.patch * 0007-disk-cryptodisk-Wipe-the-passphrase-from-memory.patch * 0008-cryptocheck-Add-quiet-option.patch - patch rebased * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * 0004-Key-revocation-on-out-of-bound-file-access.patch - patch refrehed * 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch * 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch ==== kernel-source ==== Version update (6.14.5 -> 6.14.6) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - commit ad69173 - selftest/x86/bugs: Add selftests for ITS (bsc#1242006 CVE-2024-28956). - x86/its: Use dynamic thunks for indirect branches (bsc#1242006 CVE-2024-28956). - x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006 CVE-2024-28956). - x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956). - x86/its: Add support for RSB stuffing mitigation (bsc#1242006 CVE-2024-28956). - x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956). - x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956). - x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956). - x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956). - Update config files. - x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956). - Documentation: x86/bugs/its: Add ITS documentation (bsc#1242006 CVE-2024-28956). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242006 CVE-2024-28956). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242006 CVE-2024-28956). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242006 CVE-2024-28956). - commit 820ad28 - Revert "Disable patches.kernel.org/6.14.2-607-e1000e-change-k1-configuration-on-MTP-and-late.patch" This reverts commit 607aeebbcf481a6b191013a1846c1eb795213e09. It turns out it is some special HW in the report. Let us be in sync with upstream. - commit c36a0e7 - check-for-config-changes: Fix flag name typo - commit 1046b16 - accel/ivpu: Correct mutex unlock order in job submission (git-fixes). - sch_htb: make htb_deactivate() idempotent (git-fixes). - commit 7de953d - Linux 6.14.6 (bsc#1012628). - Revert "rndis_host: Flag RNDIS modems as WWAN devices" (bsc#1012628). - ALSA: hda/realtek - Add more HP laptops which need mute led fixup (bsc#1012628). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (bsc#1012628). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (bsc#1012628). - ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS() (bsc#1012628). - btrfs: adjust subpage bit start based on sectorsize (bsc#1012628). - btrfs: fix COW handling in run_delalloc_nocow() (bsc#1012628). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (bsc#1012628). - drm/fdinfo: Protect against driver unbind (bsc#1012628). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (bsc#1012628). - EDAC/altera: Test the correct error reg offset (bsc#1012628). - EDAC/altera: Set DDR and SDMMC interrupt mask before registration (bsc#1012628). - i2c: imx-lpi2c: Fix clock count when probe defers (bsc#1012628). - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (bsc#1012628). - parisc: Fix double SIGFPE crash (bsc#1012628). - pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines (bsc#1012628). - perf/x86/intel: Only check the group flag for X86 leader (bsc#1012628). - perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1012628). - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload (bsc#1012628). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (bsc#1012628). - mm/memblock: pass size instead of end to memblock_set_node() (bsc#1012628). - mm/memblock: repeat setting reserved region nid if array is doubled (bsc#1012628). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (bsc#1012628). - spi: tegra114: Don't fail set_cs_timing when delays are zero (bsc#1012628). - tracing: Do not take trace_event_sem in print_event_fields() (bsc#1012628). ... changelog too long, skipping 261 lines ... - commit 2544d32 ==== less ==== Version update (668 -> 676) - Update to 676 * Treat -r in LESS environment variable as -R. * Add ESC-j and ESC-k commands (github #560). * Add --no-paste option (github #523). * Add --no-edit-warn option (github #513). * Add --form-feed option (github #496). * Add ESC-b command (github #615). * Make TAB complete option name in -- command (github #531). * Update the file size on an attempt to go past end of file. * Make -R able to pass through any OSC escape sequences, not just OSC 8 (github #504). * Setting LESS_IS_MORE=0 now disables "more" compatibility even if invoked via a file link named "more" (github #500). * Pass through escape sequences in prompts even if -R is not set. * Add LESS_SHELL_LINES to support shell prompts which use more than one line (github #514). * Add LESSANSIOSCALLOW to define OSC types which may be passed through. * Add LESSANSIOSCCHARS to define non-standard OSC intro chars. * Add LESS_SIGUSR1 to define user signal handler (github #582). * Add mouse and mouse6 commands to lesskey (github #569). * Improve behavior of ^O^N and ^O^P commands. * Fix unexpected behavior when entering a partial command followed by a valid command (github #543). * Fix bug when coloring prompt string with SGR sequences (github #516). * Fix bug when searching for text near an invalid UTF-8 sequence (github #542). * Fix display bug when file contains ESC followed by NUL (github #550). * Fix bug when using +:n +:p +:x or +:d on the command line (github #552). * Fix bug with --no-number-headers when header is not at start of file (github #566). * Fix bug where lesstest fails if window is resized (github [#570]). * Fix bug using "configure --with-secure=no" (github #584). * Fix bug using multibyte command chars (github #595). * Fix auto_wrap setting on Windows (github #497). * Fix two bugs using ^S search modifier (github #605). * Fix bug searching for UTF-8 strings with the PCRE2 library (github #610). * Fix bug highlighting OSC 8 links when opening a new file. - Remove upstreamed reproducible.patch ==== ncurses ==== Version update (6.5.20250503 -> 6.5.20250510) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20250510 + add rv/xr codes for domterm, mintty, mlterm -TD + add xr code for putty -TD + update teraterm to 5.0 -TD + add rlogin-color -TD ==== podman ==== - Downgrade criu from Requires to Recommends. It's provides optional functionality and shouldn't be a hard requires. - Added patch to remove using rw as a default mount option (bsc#1239776) * 0001-remove-appending-rw-as-the-default-mount-option.patch - Remove iptables dependency (bsc#1231424) - Hard require criu for checkpointing functionality. ==== python-cryptography ==== Version update (44.0.2 -> 44.0.3) - Update to 44.0.3 * Fixed compilation when using LibreSSL 4.1.0. ==== python-greenlet ==== Version update (3.2.1 -> 3.2.2) - Update to 3.2.2 * Make greenlet build and run on Python 3.14 beta 1. It will not run on earlier versions of 3.14; it should run on subsequent versions. See PR 445. ==== python-maturin ==== Version update (1.8.3 -> 1.8.6) - Update to 1.8.6 * Print a message when overriding platform tag from `_PYTHON_HOST_PLATFORM` gh#PyO3/maturin#2594 * Use the current python interpreter's version when the abi3 feature is set with no explicit version gh#PyO3/maturin#2597 - Update to 1.8.4 * Install a Rust toolchain into a temporary directory when building maturin itself or a package and a Rust toolchain is missing. Set MATURIN_NO_INSTALL_RUST to disable this behavior. #2421 * Fix broken maturin develop with latest uv in #2584 * Add PYO3_PYTHON env var support in #2534 * Sort RECORD file in wheel archives to make them deterministic in #2550 * Publish wheel for loongarch64 in #2548 * Add --compression-level option to build command in #2572 ==== python313 ==== - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) ==== python313-core ==== Subpackages: libpython3_13-1_0 python313-base - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) ==== rebootmgr ==== Version update (3.2+git20250317.27192cc -> 3.3+git20250512.b6e4e84) - Update to version 3.3+git20250512.b6e4e84: * Release version 3.3 * Fix handling of temporarily disabled reboots